The Portuguese Presidency is calling for an EU-wide regulation on access to encrypted content by police and judiciary. This should also affect device manufacturers. Failure to comply could result in companies being banned from doing business in the EU.
The European Union is to adopt a legal framework on decryption in the near future so that authorities can access „lawfully relevant data“. This was written by the Portuguese EU Council Presidency in a Communication which also presents a roadmap for this purpose. An important milestone is a proposal for „way forward“, which the EU Commission will prepare by 2022.
The paper from Portugal has been coordinated with the previous German and the upcoming Slovenian EU Presidencies. The German Ministry of the Interior had taken a new initiative against end-to-end encryption at the start of this so-called trio presidency and adopted a Resolution and Conclusions on the implementation of decryption capabilities. It states that the member states themselves should decide on the methods they use. „EU Council and Commission: New roadmap for access to encryption“ weiterlesen
The planned EU e-Evidence regulation is intended to force Internet service providers to cooperate more with police and judicial authorities. However, a survey shows that the companies already comply with their requests voluntarily. But they are often incorrect and thus rejected.
The police from Germany, France and Great Britain request by far the most data from Internet service providers. This is the result of a study by the SIRIUS project, which Europol has published on its website. 38% of all requests (67,991) come from German authorities. Although the so-called G6 countries (Germany, France, the UK, Poland, Spain and Italy) represent half of the EU population, their authorities are responsible for around 90% of crossborder internet surveillance activities.
The SIRIUS platform located at the police agency Europol in The Hague is intended to facilitate the exchange of knowledge on electronic evidence. Via a secure connection, authorities in all EU member states can obtain information on how to query Internet service providers. This applies to traffic, user and content data, which are released in different ways. SIRIUS also contains instructions for „Open Source Internet Searches“ (OSINT) and for conducting queries on user data from various service providers. This enables the persons behind IP addresses or mail accounts to be determined. „Europol Study: Disclosure of electronic evidence often fails due to incompetence of authorities“ weiterlesen
The European Investigation Order in criminal matters allows judicial authorities in all EU Member States to instruct each other to collect evidence. It also sets forth provisions for cross-border telecommunications surveillance. The European standardisation institute ETSI is consequently working on interfaces for the hand-over of intercepted phone calls.
By May 22nd, the Member States of the European Union have to transpose the European Investigation Order in criminal matters (EIO) into national law. The Directive defines cross-border cooperation between judicial authorities including courts, investigating judges and public prosecutor’s offices. In the future, an “issuing State” can oblige an “executing State” to gather evidence in criminal proceedings. This entails inter alia conducting investigations.
It also sets forth provisions for the “temporary transfer of persons held in custody”, hearings by video or telephone conference or the use of the European arrest warrant to transfer people (including temporarily) to courts of another state. There is a dedicated chapter on telecommunications surveillance and the transfer of the “electronic evidence” gathered during such. „Project SMILE: Interface for European telecommunications interception“ weiterlesen
When conducting digital investigations, authorities often run up against the problem that the data they are looking for is stored on servers abroad or that service providers do not respond to requests. The European Commission is therefore working to develop uniform standards. A number of companies are already cooperating in these efforts.
The European Union intends to make it easier for the police and secret services to access servers belonging to Internet providers. This is set out by a position paper by the European Commission on gaining access to e-evidence, which was discussed at the recent Justice and Home Affairs Council. The paper contains proposals for implementing the Council conclusions on “Improving criminal justice in cyberspace” of June of this year. Allowing authorities to submit direct enquiries to companies is on the table. „E-evidence: Internet companies in the USA to facilitate direct enquiries by European authorities“ weiterlesen
The European Union intends to simplify investigative authorities’ access to encrypted content. This emerged from the replies to a questionnaire that was circulated to all Member States by the Slovak Presidency of the EU Council. After a “reflection process”, efforts in this area are, according to the summary of the replies, intended to give rise to a framework for cooperation with Internet providers. It remains unclear whether this will take the form ofa recommendation, regulation or directive.
The replies to the questionnaire are now being examined by the Friends of the Presidency Group on Cyber Issues (FoP Cyber), which also held discussions on “increasing tendencies to exploit encrypted communication in order to hide criminal activities, identities and crime scenes”. Those taking part included the European External Action Service, the European Defence Agency and other EU institutions. FoP Cyber’s recommendations will then be addressed at the meeting of the next Justice and Home Affairs Council in Brussels. „New EU network of judicial authorities to combat the “challenges stemming from encryption”“ weiterlesen